fix: treat text app session parameters as sensitive values

* `PublicSessionController create` receives a share token.
* The others receive the parameters for a text session:
  `document_id`, `session_id`, `session_token`.
  Even though these are relatively short lived
  they could be used to retrieve content from the document when leaked.

Signed-off-by: Max <max@nextcloud.com>

lib/private/Log/ExceptionSerializer.php

@@ -100,6 +100,16 @@ class ExceptionSerializer {
 
 		// Preview providers, don't log big data strings
 		'imagecreatefromstring',
+
+		// text: PublicSessionController, SessionController and ApiService
+		'create',
+		'close',
+		'push',
+		'sync',
+		'updateSession',
+		'mention',
+		'loginSessionUser',
+
 	];
 
 	/** @var SystemConfig */